Patch your OpenMRS servers for Shellshock vulnerability

Yesterday, a vulnerability in bash was announced, that was originally found by Stephane Schazelas. The vulnerability allows for arbitrary code execution in bash by setting specific environment variables. Later Travis Ormandy released a second exploit that will work on patched systems. Demonstration that the patch released yesterday is incomplete.

The SANS Internet Storm Center have prepared a short video with details:

More details and instructions: